<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      libcap-2.31 with PAM
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.79.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-9.1">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>�</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 9.1
      </h4>
      <h3>
        Chapter&nbsp;4.&nbsp;Security
      </h3>
      <ul>
        <li class="prev">
          <a accesskey="p" href="firewall.html" title=
          "Setting Up a Network Firewall">Prev</a>
          <p>
            Setting Up a Network Firewall
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="linux-pam.html" title=
          "Linux-PAM-1.3.1">Next</a>
          <p>
            Linux-PAM-1.3.1
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 9.1">Home</a>
        </li>
      </ul>
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <h1 class="sect1">
        <a id="libcap-pam" name="libcap-pam"></a>libcap-2.31 with PAM
      </h1>
      <div class="package" lang="en" xml:lang="en">
        <h2 class="sect2">
          Introduction to libcap with PAM
        </h2>
        <p>
          The <span class="application">libcap</span> package was installed
          in LFS, but if <span class="application">Linux-PAM</span> support
          is desired, the PAM module must be built (after installation of
          <span class="application">Linux-PAM</span>).
        </p>
        <p>
          This package is known to build and work properly using an LFS-9.1
          platform.
        </p>
        <h3>
          Package Information
        </h3>
        <div class="itemizedlist">
          <ul class="compact">
            <li class="listitem">
              <p>
                Download (HTTP): <a class="ulink" href=
                "https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.31.tar.xz">
                https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.31.tar.xz</a>
              </p>
            </li>
            <li class="listitem">
              <p>
                Download MD5 sum: 52120c05dc797b01f5a7ae70f4335e96
              </p>
            </li>
            <li class="listitem">
              <p>
                Download size: 97 KB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated disk space required: 1 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated build time: less than 0.1 SBU
              </p>
            </li>
          </ul>
        </div>
        <h3>
          libcap Dependencies
        </h3>
        <h4>
          Required
        </h4>
        <p class="required">
          <a class="xref" href="linux-pam.html" title=
          "Linux-PAM-1.3.1">Linux-PAM-1.3.1</a>
        </p>
        <p class="usernotes">
          User Notes: <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/libcap">http://wiki.linuxfromscratch.org/blfs/wiki/libcap</a>
        </p>
      </div>
      <div class="installation" lang="en" xml:lang="en">
        <h2 class="sect2">
          Installation of libcap
        </h2>
        <div class="admon note">
          <img alt="[Note]" src="../images/note.png" />
          <h3>
            Note
          </h3>
          <p>
            If you are upgrading libcap from a previous version, use the
            instructions in <a class="ulink" href=
            "../../../../lfs/view/development/chapter06/libcap.html">LFS
            libcap page</a> to upgrade libcap. If the PAM module has been
            built, it will automatically be picked up.
          </p>
        </div>
        <p>
          Install <span class="application">libcap</span> by running the
          following commands:
        </p>
        <pre class="userinput">
<kbd class="command">make -C pam_cap</kbd>
</pre>
        <p>
          This package does not come with a test suite.
        </p>
        <p>
          Now, as the <code class="systemitem">root</code> user:
        </p>
        <pre class="root">
<kbd class=
"command">install -v -m755 pam_cap/pam_cap.so /lib/security &amp;&amp;
install -v -m644 pam_cap/capability.conf /etc/security</kbd>
</pre>
      </div>
      <div class="configuration" lang="en" xml:lang="en">
        <h2 class="sect2">
          Configuring Libcap
        </h2>
        <p>
          In order to allow <span class="application">Linux-PAM</span> to
          grant privileges based on POSIX capabilites, you need to add the
          libcap module to the begining of the <code class=
          "filename">/etc/pam.d/system-auth</code> file. Make the required
          edits with the following commands:
        </p>
        <pre class="root">
<kbd class="command">mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
<code class="literal"># Begin /etc/pam.d/system-auth

auth      optional    pam_cap.so</code>
EOF
tail -n +3 /etc/pam.d/system-auth.bak &gt;&gt; /etc/pam.d/system-auth</kbd>
</pre>
        <p>
          Additonally, you'll need to modify the <code class=
          "filename">/etc/security/capability.conf</code> file to grant
          necessary privileges to users, and utilize the <span class=
          "command"><strong>setcap</strong></span> utility to set
          capabilities on specific utilities as needed. See <span class=
          "command"><strong>man 8 setcap</strong></span> and <span class=
          "command"><strong>man 3 cap_from_text</strong></span> for
          additional information.
        </p>
      </div>
      <div class="content" lang="en" xml:lang="en">
        <h2 class="sect2">
          Contents
        </h2>
        <div class="segmentedlist">
          <div class="seglistitem">
            <div class="seg">
              <strong class="segtitle">Installed Programs:</strong>
              <span class="segbody">None</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Library:</strong>
              <span class="segbody">pam_cap.so</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Directories:</strong>
              <span class="segbody">None</span>
            </div>
          </div>
        </div>
      </div>
      <p class="updated">
        Last updated on 2020-02-15 08:54:30 -0800
      </p>
    </div>
    <div class="navfooter">
      <ul>
        <li class="prev">
          <a accesskey="p" href="firewall.html" title=
          "Setting Up a Network Firewall">Prev</a>
          <p>
            Setting Up a Network Firewall
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="linux-pam.html" title=
          "Linux-PAM-1.3.1">Next</a>
          <p>
            Linux-PAM-1.3.1
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 9.1">Home</a>
        </li>
      </ul>
    </div>
  </body>
</html>
